Ponemon Institute: The Cost of Time To Identify & Contain Advanced Threats

The purpose of our study was to better understand the cyber-security challenges facing financial services enterprises as well as both conventional and Internet retail companies.

Attend this webinar to learn:
- The state of ATs and DDoS attacks in the two verticals
- How companies deal with advanced threats and denial of service attacks
- Industry differences: financial services vs. retail companies

As the scale, sophistication, and targeting of cyber-attacks increase, organisations need to manage risk in ways beyond those traditionally handled by the information security function.

In this webinar, Steve Durbin, Managing Director at the ISF will offer his insights into how security and business teams across the entire organisation can work together to minimise the impact of a breach, in order to protect organisations from damaging shareholder value and business reputation.

About the presenter

Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of specialism include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments.

Demand for cloud services continues to increase as the benefits of cloud services change the way organisations manage their data and use IT.

However, while these services can be implemented quickly and easily, with increased legislation and data privacy, the threat of cyber theft is on the increase and organisations must have a clear understanding of where their information is stored and how reliant these services are.

In this webinar, Steve Durbin, Managing Director of the ISF will discuss the risks associated with cloud computing and how to manage them, as well as how to maximise the benefits.

With the ever-increasing security threats to organisations, business leaders need to have a comprehensive data security strategy to protect themselves.

In order to prevent, detect and respond to breaches, organisations must focus on the basics such as software updates and patches, as well as build awareness within the organisation to ensure employees are educated on cybersecurity best practices.

In this webinar, Steve Durbin, Managing Director of the ISF will discuss what actions can be taken to prevent and detect a data breach, and how to respond to a breach in order to reduce damage to brand and reputation, as well as how to mitigate the impact of a breach.

IoT, IIoT, OT... It is likely that for many of us these acronyms are confusing. The fact is that traditional industrial environments, such as utilities and production, have started a digital transformation process which harnesses these and other technologies to become more efficient, automated and competitive.

Within this transformation from a well-defined and well-controlled industrial ecosystem to a dynamic and open one, lurks a shift in the security challenges, needs and solutions/architecture.

This session will focus on the technologies and challenges digital transformation introduces in industrial environments and how Fortinet’s Security Fabric is deployed in such environments to provide the required security infrastructure and posture, including a demonstration of some simplified use cases.

Data protection has always been important, but with the GDPR deadline looming and data sharing scandals shaking consumer confidence, securing personal data has never been more vital. The GDPR is leading businesses across the world to evaluate, and in many cases modify, their data processing activities in line with upcoming law.

So what if you’ve left it too late? What are the key steps you can take to work towards GDPR compliance, even after deadline day?

Join us in this webinar with Alex Jordan, Senior Analyst at the Information Security Forum as he shares:

- The ISF’s phased approach to GDPR implementation
- Ways to determine the criticality of data and how to protect it appropriately
- The urgent actions that a business can take to get GDPR compliance started
- Common myths surrounding the GDPR, and guidance on cutting through the noise

The United States spent around $3.5 trillion or 18% of GDP on healthcare. According to the FBI, the amount of this spending lost due to fraud, waste, and abuse (FWA) ranged between $90 billion and $330 billion!

This talk will offer practical advice on how to effectively organize and join various healthcare data sources such as claim and clinical data, how to set up the problem, and how to design an effective machine learning solution to identify FWA leads and expedite investigator review using intuitive visualization to understand the risk factors contributing to those leads.

There’s much hype and excitement around how AI and machine learning could transform the world of finance. But a key area of development growing behind the scenes of talking robots and automated assistants is how these new technologies will have a seismic impact on Anti-Money Laundering (AML) and Counter-terror Financing (CTF) back-end compliance processes. AI can dramatically improve AML risk data collection; spotting new risks faster and digging deeper for hidden risks.

It will also shift customer onboarding & KYC processes from ‘name matching’ to contextual ‘identity matching’ to reduce false positives and false negatives. Unlike other industries, the training data required to make this a reality with machine learning techniques are available today.

AI-driven compliance will ultimately have an enormous impact on how financial services will work - increasing automation, reducing manual overheads and helping prevent financial crime.

Presented by Charles Delingpole, CEO & Founder, ComplyAdvantage

Charles Delingpole founded ComplyAdvantage in 2014, and as CEO leads the product development and growth of the company. Charles set up his first company, The Student Room Group, now the world’s largest student discussion forum, when he was 16. After completing his MA in Politics at Trinity College Cambridge, and then an MSc in Management, Strategy and Finance from the LSE, he became an associate at J.P. Morgan Cazenove. He then went on to co-found FinTech firm MarketInvoice, a peer-to-peer financing company which uses customer data to digitise the approach to financial risk analysis.

Payment fraud prevention tools have existed since the end of the 90s and have improved continuously since. In the last 2 to 3 years we have seen a new paradigm come into the space - machine learning.

This new technology is perfectly fitted for identifying fraud and is slowly being adopted by the market. Moving forward, using tools like this will no longer be a choice but rather an obligation for merchants. An obligation, as it will be at the origin of a competitive advantage which goes way beyond fraud prevention and will bleed into business intelligence fields.

In this session, Rodrigo Camacho, CCO at Nethone, will walk you through the evolution of fraud prevention, touching on the following key points:

- How the problem is solved by a large part of the industry today
- The revolution that is happening in the space today
- The halo effect that this revolution is going to have on the rest of business processes

Open Data is somewhat of a misnomer. For data sharing to take place, privacy must come first. As such, GDPR represents the essential rules of engagement without which the game of PSD2 cannot take place.

Rather than signalling an era of 'free love' between service providers and platforms, PSD2 and the API revolution mean that businesses and service providers must now be more secure than ever when it comes to user data.

In this session, Soldo's founder, Carlo Gualandri, explains how Soldo has responded to the regulatory environment by building a proprietary in-house GDPR-compliant machine to ensure privacy by design.

Cyber has become a strategic issue and for many companies is now a business enabler and increasingly a form of competitive advantage. However, it is clear that it remains difficult for Boards to get the “right” management information to support their cyber risk discussions and decision making.

So how can Boards ensure that they are asking the right questions when it comes to an organisation’s cyber posture, and how can CISOs maintain and improve the Board’s attention in this fast-moving space? This webinar will look at the challenges faced by CISOs and Board members and offer insights into how to successfully approach cyber security at Board level.

About the presenter:
Steve Durbin is Managing Director at the Information Security Forum (ISF). His main areas of specialism include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments.

What are the latest trends in the cyber-criminal underworld?
Which attacks are you likely to be preventing as we move further into 2018?
Who’s looking for vulnerability on your network?

These questions and more, answered by Peter Wood FBCS CITP MIEEE CISSP M.Inst.ISP
Chief Executive Officer, First Base Technologies LLP
Peter’s career spans 48 years, with experience in network security, social engineering, threat and risk analysis, red teaming, industrial control systems and electronics. He founded First Base Technologies, one of the UK’s first information security consultancies in 1989. Peter has provided security advice and guidance for businesses of all sizes for more than 28 years, leading a team of expert penetration testers and consultants unrivalled in the industry.
He is also a world-renowned security evangelist, speaking at major conferences and delivering seminars and webinars. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio, and written many articles on a variety of security topics.
He is a BCS Fellow, a Chartered IT Professional, CISSP and a member of IISP, ISACA, ISSA, IEEE, ACM and Mensa. He is a visiting lecturer at the University of Sussex, teaching cybersecurity and ethical hacking.

The expectation from the start of 2017 – that we hadn’t seen the back of ransomware – was justified. 2017 was plagued with global attacks such as Petya, WannaCry, Bad Rabbit and many others. Unfortunately, 2018 could be even worse.

With ransomware continuously developing new delivery techniques, organisations must learn how to prepare and protect themselves from the threat of ransomware, but how can they do this?

In this webinar, Nick Frost, Principal Consultant at the ISF, will explore the latest threats in ransomware and what organisations can do to minimise vulnerabilities to reduce risks of an attack.

About the presenter:

Nick is currently the Principal Researcher for the Information Security Forum (ISF) Ltd. He has more than 15 years’ experience designing and implementing a risk-based approach to securing information. He has developed leading solutions for evaluating risk across both internal and supplier environments.

In the age of Digital Transformation, SD-WAN is on the lips of all enterprises and service providers. While the operational and commercial benefits of SD-WAN are clear, the focus on these as THE consideration is dangerous, as along with its benefits comes a greater cyber security risk.

This session will focus on Secure SD-WAN and the built-in benefits it provides, from both the operational and security points of view.

The second part of this webinar will cover the topic "Assessing the Impact of Web-Based Attacks" from the "Analyzing Attacks on Computing and Network Environments" module of the official CFR course.

Before we get to this, the introduction will include an overview of the CyberSec First Responder (CFR) course and certification from Logical Operations. The CFR course prepares IT professionals with the knowledge, ability, and skills necessary to defend information systems in a cybersecurity context, including protection, detection, analysis, investigation, and response processes.

The practicality and value of the certification including its DOD 8570 approval will be highlighted.

TOPICS TO BE COVERED:

- Learn about how the CFR certification from Logical Operations can improve your organization’s information security defensive readiness, response capabilities and investigation to cover all aspects of incident response and analysis including before, during and after the incident.
- Learn why CFR is one of the most practical security certifications available providing excellent ROI
- Learn about types of web based attacks and their impact on your organization
- Learn through using OWASP ZAP to scan a vulnerable website
- Learn by exploiting a vulnerable website using SQL injection and XSS
- Learn about how to get discounted exam vouchers

Travin Keith, Managing Director at Agavon, Co-Founder at SICOS, and Administrator at BitcoinMarkets

With the burst of interest in cryptocurrencies, there have been a lot of new users entering this innovative world. However, the rush into the space has caused many users to skip key steps in joining the cryptocurrency community, such as understanding what basic security practices they should follow in order to keep themselves and their money secure.

While there are technical steps to take to secure one's funds, there are also a number of things to keep in mind while interacting with the community.

This webinar discussion aims to give beginners in the world of cryptocurrencies tips to better protect themselves, their money, and their sanity.

Multi-party permissioned blockchains present a set of new security challenges for dev ops and system and network administration.

This webinar will cover why a lot of what we already know from securing N-tier architectures also applies to securing permissioned blockchains. It will also cover what is different and new and discuss strategies for the practical defense of these distributed systems.

This session will discuss the generational GAP in Cybersecurity Talent. One of the biggest challenges facing the Cybersecurity Community is filling the GAP as quickly as possible through mentoring and bright talent eager to enter the field with little or no cybersecurity background.

While some hackers crave the attention of a high-profile attack or data breach, others prefer to work in the shadows, either trying to hide their tracks or being indifferent altogether.

Regardless, accurately understanding where an attack comes from is very helpful in defending against future attacks. More importantly, when companies and key organizations work together it is possible to tie together a multitude of individual footprints into a single, conclusive trail back to the originator.

This session will focus on the importance of attribution and includes a case study of how a major cyber criminal was taken down, from the lowest foot soldier to the kingpin himself.

Cyber risk isn't new, but the stakes grow higher every day. An incident is no longer likely to be an isolated event, but a sustained and persistent campaign. There is no single solution that will offer protection from an attack, but a Cyber Resilience strategy can provide a multi-layered approach that encompasses people, processes and technology.

Pete Wood will talk about eliminating the gap between IT and the business to present a united front against threats. This is a paradigm shift that uses security intelligence to guide decisions and support agility.

The Information Security Careers Network is the largest group on LinkedIn dedicated to helping people further their careers in IT & Information Security.

Due to our partnerships, we are able to offer discounts on some of the most popular security certifications and training courses, including CEH, CISSP, CCISO, and more.

www.infosec-careers.com

This BrightTALK channel is an extension of the group and the ISCN website (www.infosec-careers.com), featuring webinars, presentations and resources from some of the leading names in Information and IT Security to help you develop your knowledge and get the job you're after.